[Pdns-users] Zone transfer from supermaster fails: Error resolving SOA or NS

Bas van Schaik bas at tuxes.nl
Mon Apr 23 12:31:23 UTC 2007 

Hi all,

I'm currently setting up a third nameserver for my domains. The primary
and secundary are using native SQL replication (works great!) but are
physically in the same building, which is of course not very fault
tolerant. Now, I'm setting up the third nameserver (master/slave
replication) using the primary nameserver as a supermaster. For the
first few hundred domains this initial transfer works perfectly, but
after a while the slave server begins to throw errors like this:
> Apr 23 13:37:07 callisto pdns[2433]: Received NOTIFY for assen.nl from
> 87.251.57.140 for which we are not authoritative
> Apr 23 13:37:08 callisto pdns[2433]: Error resolving SOA or NS for
> 'assen.nl' at 87.251.57.140
(note that "callisto" is the hostname of the slave nameserver,
87.251.57.140 is my primary nameserver)

After a while, the slave holds about 600 domains, but the master
nameserver has about 1500 domains! Based on these errors, I started
investigating the records for "assen.nl" (and some of the other domains
failing to transfer), but found nothing suspicious. So I just retried
the NOTIFY on the master:
> pdns_control notify assen.nl

Which lead to the following log entries on the slave:
> Apr 23 13:57:20 callisto pdns[2453]: Received NOTIFY for assen.nl from
> 87.251.57.140 for which we are not authoritative
> Apr 23 13:57:20 callisto pdns[2453]: Created new slave zone 'assen.nl'
> from supermaster 87.251.57.140, queued axfr
> Apr 23 13:57:21 callisto pdns[2429]: AXFR started for 'assen.nl',
> transaction started
> Apr 23 13:57:21 callisto pdns[2429]: AXFR done for 'assen.nl', zone
> committed

Note that I changed nothing in the "assen.nl" zone on the master at all!
There seems to be a problem with the initial transfer of hundreds of
domains from a master to a slave? I already tried to change the number
of running threads on both master and slave, but that didn't do the
trick. I also noticed that some NOTIFY-packets are never received by the
slave. Master's log:
> $ cat daemon.log | grep -i adselectshop.nl
> Apr 23 14:19:57 helios pdns[5365]: Queued notification of domain
> 'adselectshop.nl' to 80.89.236.78
("callisto" is the slave nameserver with IP 80.89.236.78)

And the slave log:
> $ cat daemon.log | grep -i adselectshop.nl
> (no output)
Again, executing "pdns_control notify adselectshop.nl" on the master
nameserver manually did the trick for this domain. Anyone out there to
enlighten me?


Regards,

  -- Bas van Schaik
  Dutch system administrator

More information about the Pdns-users mailing list